hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[IPV6] TCPMD5: Fix deleting key operation. 

Due to the bug, refcnt for md5sig pool was leaked when
an user try to delete a key if we have more than one key.
In addition to the leakage, we returned incorrect return
result value for userspace.

This fix should close Bug #9418, reported by <ming-baini@163.com>.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
YOSHIFUJI Hideaki 2007-11-20 17:31:23 -08:00 committed by David S. Miller
parent aacbe8c880
commit 77adefdc98
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
net/ipv6/tcp_ipv6.c
View File

@ -637,10 +637,6 @@ static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
kfree(tp->md5sig_info->keys6); kfree(tp->md5sig_info->keys6);
tp->md5sig_info->keys6 = NULL; tp->md5sig_info->keys6 = NULL;
tp->md5sig_info->alloced6 = 0; tp->md5sig_info->alloced6 = 0;
tcp_free_md5sig_pool();
return 0;
} else { } else {
/* shrink the database */ /* shrink the database */
if (tp->md5sig_info->entries6 != i) if (tp->md5sig_info->entries6 != i)
@ -649,6 +645,8 @@ static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
(tp->md5sig_info->entries6 - i) (tp->md5sig_info->entries6 - i)
* sizeof (tp->md5sig_info->keys6[0])); * sizeof (tp->md5sig_info->keys6[0]));
} }
tcp_free_md5sig_pool();
return 0;
} }
} }
return -ENOENT; return -ENOENT;